Posts posted by Mrstickball
-
Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.28.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ben S :: BENS-PC [administrator]
Protection: Enabled
11/28/2012 2:10:54 PM
mbam-log-2012-11-28 (14-10-54).txt
Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 550190
Time elapsed: 20 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
__________________________________________
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:39:32 PM, on 11/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Ben S\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
E:\Steam\steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Ben S\AppData\Roaming\Spotify\spotify.exe
C:\Users\Ben S\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Bho - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Ben S\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Ben S\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: OpenVPN Client.lnk = C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe
O4 - Global Startup: RescueTime.lnk = C:\Program Files (x86)\RescueTime\RescueTime.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SysWOW64\cryptainersrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)
--
End of file - 11397 bytes
________________________
Everything has continued to run fine for the past 2-3 days.
-
Hi, I haven't had any problems since restarting. Everything seems to be fine.
-
It was working fine until I ran ComboFix. It seemingly deleted a lot of my startup programs and taskbar items, such as my web browser(s). I've had to deal with a workaround for them.
As for the ComboFix log:
ComboFix 12-11-21.01 - Ben S 11/21/2012 23:18:01.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12286.9405 [GMT -5:00]
Running from: c:\users\Ben S\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ben S\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\BENS~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2012-11-22 04:22 . 2012-11-22 04:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 10:31 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9833258A-82EC-48BA-8733-AFFA49B968DD}\mpengine.dll
2012-11-17 08:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 08:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 08:04 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-17 08:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-17 08:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-17 08:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-17 08:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 08:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 08:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-17 08:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 08:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 19:44 . 2012-11-16 19:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-16 19:44 . 2012-11-16 19:44 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-16 17:23 . 2012-11-16 17:23 -------- d-----w- c:\program files\CCleaner
2012-11-16 17:08 . 2012-11-16 17:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-16 16:39 . 2012-11-16 16:39 -------- d-----w- c:\users\Ben S\AppData\Roaming\SUPERAntiSpyware.com
2012-11-16 16:39 . 2012-11-16 16:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-16 16:39 . 2012-11-16 16:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-11-16 14:48 . 2012-11-16 14:48 -------- d-----w- c:\users\Ben S\AppData\Roaming\Malwarebytes
2012-11-16 14:48 . 2012-11-16 14:48 -------- d-----w- c:\programdata\Malwarebytes
2012-11-16 14:48 . 2011-07-08 12:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-11-16 14:48 . 2012-11-16 16:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-16 14:48 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 13:59 . 2012-11-16 19:17 -------- d--h--w- c:\users\Ben S\AppData\Local\SysWow64
2012-11-14 21:17 . 2012-11-15 21:54 -------- d-sh--w- c:\users\Ben S\wc
2012-11-14 21:16 . 2012-11-14 21:16 -------- d-----w- c:\users\Ben S\AppData\Roaming\Molura
2012-11-14 21:16 . 2012-11-14 21:16 -------- d-----w- c:\users\Ben S\AppData\Local\Molura
2012-11-14 21:15 . 2012-11-14 21:15 -------- d-----w- c:\program files (x86)\Molura
2012-11-12 17:27 . 2012-07-26 00:31 1414144 ----a-w- c:\windows\SysWow64\spk.dll
2012-11-12 17:27 . 2011-03-02 17:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2012-11-08 01:26 . 2012-11-08 01:26 -------- d-----w- c:\users\Ben S\.towns
2012-11-07 01:00 . 2012-11-07 01:00 -------- d-----w- c:\programdata\ATI
2012-11-07 01:00 . 2012-11-07 01:00 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-07 01:00 . 2012-11-07 01:00 -------- d-----w- c:\program files (x86)\AMD APP
2012-11-07 00:58 . 2012-11-07 00:58 -------- d-----w- C:\AMD
2012-11-06 03:19 . 2012-11-06 03:19 -------- d-----w- c:\program files\NTCore
2012-11-06 01:39 . 2012-11-07 01:00 -------- d-----w- c:\programdata\AMD
2012-11-06 01:39 . 2012-11-06 01:39 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-11-06 01:38 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-10-29 18:23 . 2012-10-29 18:23 -------- d-----w- c:\program files (x86)\Netpeak
2012-10-25 00:49 . 2012-10-25 00:49 -------- d-----w- c:\users\Ben S\AppData\Roaming\FLEXnet
2012-10-25 00:48 . 2012-10-25 00:48 -------- d-----w- c:\users\Ben S\AppData\Roaming\Nuance
2012-10-25 00:47 . 2012-10-25 00:47 -------- d-----w- c:\program files (x86)\Common Files\IVA
2012-10-25 00:47 . 2012-10-25 00:47 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-10-25 00:44 . 2012-10-25 00:44 -------- d-----w- c:\programdata\Nuance
2012-10-25 00:44 . 2012-10-25 00:44 -------- d-----w- c:\programdata\Macrovision
2012-10-25 00:44 . 2012-10-25 00:44 -------- d-----w- c:\programdata\FLEXnet
2012-10-25 00:44 . 2012-10-25 00:44 -------- d-----w- c:\program files (x86)\Nuance
2012-10-25 00:44 . 2012-10-25 00:44 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-10-25 00:42 . 2012-10-25 00:42 -------- d-----w- c:\program files (x86)\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 08:00 . 2010-08-25 15:45 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-08 19:16 . 2012-09-04 08:05 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-28 20:37 . 2012-09-28 20:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 20:36 . 2012-09-28 20:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 20:36 . 2012-09-28 20:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 20:36 . 2012-09-28 20:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 20:36 . 2012-09-28 20:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 20:36 . 2012-09-28 20:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 20:32 . 2012-09-28 20:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 02:23 . 2012-04-06 01:34 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-04-06 02:21 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2012-04-06 02:20 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-04-06 02:13 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-09-28 01:31 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-09-28 01:25 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2012-04-06 01:54 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-04-06 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 79360 ----a-w- c:\windows\system32\amdave64.dll
2012-09-28 01:13 . 2012-09-28 01:13 78336 ----a-w- c:\windows\SysWow64\amdave32.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 74240 ----a-w- c:\windows\system32\atisamu64.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 71168 ----a-w- c:\windows\SysWow64\atisamu32.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2012-04-06 01:09 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-04-06 01:09 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-04-06 01:09 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-14 19:19 . 2012-10-10 05:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 05:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-12 01:28 . 2012-09-12 01:28 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-12 01:28 . 2012-07-17 16:18 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-12 01:28 . 2010-07-07 22:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19 . 2012-10-10 05:29 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 05:29 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 05:29 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 05:29 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 05:28 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 05:28 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}]
2012-07-18 23:26 195448 ----a-w- c:\program files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Spotify Web Helper"="c:\users\Ben S\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]
"Facebook Update"="c:\users\Ben S\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-07 138096]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-13 2068856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-10-02 380928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-13 2068856]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
OpenVPN Client.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe [2010-8-6 19968]
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2012-3-1 2723840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\BENS~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-03 1255736]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
S1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-04-15 57016]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 ssoftnt4;ssoftnt4;c:\windows\system32\Drivers\ssoftnt4.sys [2010-02-04 101880]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-31 20968]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2012-07-18 310232]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-16 19:44]
.
2012-11-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2860796573-1848591789-3297064592-1000Core.job
- c:\users\Ben S\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 15:07]
.
2012-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2860796573-1848591789-3297064592-1000UA.job
- c:\users\Ben S\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 15:07]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 16:39]
.
2012-11-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b7079cf4-71a0-4a79-9ebd-481b35eb89d7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task cbe760a2-1c5c-436d-86a5-b529692b3d0e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2011-04-15 2793472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\
FF - prefs.js: network.proxy.ftp - 216.108.225.224
FF - prefs.js: network.proxy.ftp_port - 60099
FF - prefs.js: network.proxy.gopher - 216.108.225.224
FF - prefs.js: network.proxy.gopher_port - 60099
FF - prefs.js: network.proxy.http - 216.108.225.224
FF - prefs.js: network.proxy.http_port - 60099
FF - prefs.js: network.proxy.socks - 216.108.225.224
FF - prefs.js: network.proxy.socks_port - 60099
FF - prefs.js: network.proxy.ssl - 216.108.225.224
FF - prefs.js: network.proxy.ssl_port - 60099
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Steam App 25890 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 42910 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 47410 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 72200 - c:\program files (x86)\Steam\steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\SysWOW64\cryptainersrv.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-11-21 23:25:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-22 04:25
ComboFix2.txt 2012-11-16 17:37
ComboFix3.txt 2012-11-16 17:05
ComboFix4.txt 2012-11-16 16:24
.
Pre-Run: 14,985,756,672 bytes free
Post-Run: 14,994,870,272 bytes free
.
- - End Of File - - F759EAE02C83E8ADC2D28023C2766D57
-
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Ben S [Admin rights]
Mode : Scan -- Date : 11/16/2012 14:16:47
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[STARTUP][SUSP PATH] msoft32.exe @Ben S : C:\Users\Ben S\AppData\Local\SysWow64\msoft32.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{2c3a99bd-56bd-eec9-972f-5e53c386c37a}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{2c3a99bd-56bd-eec9-972f-5e53c386c37a}\L --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSA2M080G2GN ATA Device +++++
--- User ---
[MBR] 106b70108fd4665e6b282d98a407e3c1
[BSP] c14748835262190d8ef9608e754853db : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST31000528AS ATA Device +++++
--- User ---
[MBR] d39a6d8d05e9b71c1a14490e961fe192
[BSP] 46a57f82f35b90a1402d5545ee9b5cf1 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11162012_02d1416.txt >>
RKreport[1]_S_11162012_02d1416.txt
_____________________________
# AdwCleaner v2.007 - Logfile created 11/16/2012 at 14:12:45
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ben S - BENS-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Ben S\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\BitTorrentBar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Ben S\AppData\Local\BitTorrentBar
Folder Deleted : C:\Users\Ben S\AppData\Local\Conduit
Folder Deleted : C:\Users\Ben S\AppData\Local\ConduitEngine
Folder Deleted : C:\Users\Ben S\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Ben S\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\Ben S\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ben S\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Ben S\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\Conduit
Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\ConduitEngine
Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\CT2790392
Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\extensions\vshare@toolbar
Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\FCTB
Folder Deleted : C:\Users\Ben S\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BitTorrentBar
Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4996A6FC-F393-458B-A114-E0A9E54C4F72}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4996A6FC-F393-458B-A114-E0A9E54C4F72}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4996A6FC-F393-458B-A114-E0A9E54C4F72}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02FEDDA5-33F7-4E97-8C7A-B56967D2EA6D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28290E68-B719-4D40-866D-3C0F4DAC58C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp --> hxxp://www.google.com
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\prefs.js
C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\user.js ... Deleted !
-\\ Google Chrome v [unable to get version]
File : C:\Users\Ben S\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [27065 octets] - [16/11/2012 14:12:45]
########## EOF - C:\AdwCleaner[S1].txt - [27126 octets] ##########
-
Hi,
I believe your assistance killed it! I ran all 3 programs, and RogueKiller detected two registry keys that were removed. I have to figure out how to upload the logs, but I will do so as soon as I figure it out.
-
Hi,
This is the worst infection I've ever dealt with by a long shot. I ran Malwarebytes, which detected and removed a ton of infections, but the ransomware is still running. Here's the worst part: I was able to restart the computer after running it, and everything looked "OK" for a few minutes. Started running Malwarebytes to ensure that there was nothing left, and the virus popped up again, causing Malwarebytes to become unresponsive once the scan completed. (I did a quick scan then full scan).
I am running in networked safe mode - the virus seemingly is doing nothing from this area of my PC. Please help me. This virus is preventing me from doing any work, and is causing me to lose a lot of money.
Thanks!
Horrible FBI Moneypak Virus - Help Needed!
in Resolved Malware Removal Logs
Posted
Hi - ran both and everything is seemingly working fine.